WA000-WI6090 IIS6 - The UrlSegmentMaxLength registry entry must be set properly.

Information

Http.sys is the kernel mode driver that handles HTTP requests. There are several registry keys associated with http.sys. The UrlSegmentMaxLength key sets the maximum number of characters in a URL path segment (the area between the slashes in the URL). Setting this value too large may cause performance or a Denial of Service condition on the web server.

Solution

1. Open the registry editor.
2. Navigate to the following location in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.
3. Set the value for the UrlSegmentMaxLength key to REG_DWORD 260 (or less) or add the key and set it to REG_DWORD 260.

See Also

http://iasecontent.disa.mil/stigs/zip/July2015/U_IIS_6-0_V6R16_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, Rule-ID|SV-38165r1_rule, STIG-ID|WA000-WI6090_IIS6, Vuln-ID|V-13719

Plugin: Windows

Control ID: 8501f7b223d7f43a2170c5a96e7505cecc89154994e27e070dd4a73ac49a08ff